39

I'm trying to build a Windows installer using Nullsoft Install System that requires installation by an Administrator. The installer makes a "logs" directory. Since regular users can run this application, that directory needs to be writable by regular users. How do I specify that all users should have permission to have write access to that directory in the NSIS script language?

I admit that this sounds a like a sort of bad idea, but the application is just an internal app used by only a few people on a private network. I just need the log files saved so that I can see why the app is broken if something bad happens. The users can't be made administrator.

Jay R.
  • 31,911
  • 17
  • 52
  • 61

6 Answers6

38

Use the AccessControl plugin and then add this to the script, where the "logs" directory is in the install directory.

AccessControl::GrantOnFile "$INSTDIR\logs" "(BU)" "FullAccess"

That gives full access to the folder for all users.

Jay R.
  • 31,911
  • 17
  • 52
  • 61
19

AccessControl::GrantOnFile "<folder>" "(BU)" "FullAccess" didn't work for me on a Windows Server 2008 machine. Instead I had to use this one:

AccessControl::GrantOnFile "<folder>" "(S-1-5-32-545)" "FullAccess"

S-1-5-32-545 is equivalent to "Users" according to Microsoft Support: Well-known security identifiers in Windows operating systems.

BSMP
  • 4,596
  • 8
  • 33
  • 44
user474708
  • 191
  • 1
  • 2
10

Instead of changing the permissions on directories under Program Files, why not put the logs in a location that is writeable by all users.

See the 4.9.7.7 SetShellVarContext section in your NSIS documentation. You can use it with $APPDATA to get the application data folder that is writeable for all users.

Sam Hasler
  • 12,344
  • 10
  • 72
  • 106
  • 1
    Take a look at this answer for how to accomplish this in log4net: http://stackoverflow.com/questions/468989/how-to-specify-common-application-data-folder-for-log4net/1889591#1889591 – Gavin Miller Mar 30 '11 at 16:00
6

It's an old issue now but as suggested by Sören APPDATA directory is a nice way to do what you want, the thing is : Don't take user's personnal APPDATA but the "All Users" APPDATA dir! This way anyone will be able to access the log file ;-)

Also, I read somewhere that using (BU) on the GrantOnFile is not working well with some systems (Win 7 x64 if I remember well), maybe you should use the SID "(S-1-5-32-545)" instead (it's the All Users' SID, this value is a constant on each Windows OS)

Mirhahil
  • 61
  • 1
  • 1
5

One way: call the shell, and use cacls or xcacls.

Sören Kuklau
  • 19,454
  • 7
  • 52
  • 86
2

Why not create a log-directory in the user's %APPDATA% directory? Do you really need to put all the logs in the install directory? Why?

JesperE
  • 63,317
  • 21
  • 138
  • 197
  • I want other users to be able to view the logs too. If they are in the users APPDATA directory, then if user 1 runs the app, only user 1 or an admin can see the log file. – Jay R. Sep 22 '08 at 19:48